Sync from SUSE:SLFO:Main tiff revision 96e47df4af6966885171de2128d52db8

tiff-CVE-2024-7006.patch

@@ -0,0 +1,49 @@
+Upstream:
+3705f82b6483c7906cf08cd6b9dcdcd59c61d779
+Index: tiff-4.6.0/libtiff/tif_dirinfo.c
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tif_dirinfo.c
++++ tiff-4.6.0/libtiff/tif_dirinfo.c
+@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterFiel
+     if (fld == NULL)
+     {
+         fld = _TIFFCreateAnonField(tif, tag, dt);
+-        if (!_TIFFMergeFields(tif, fld, 1))
++        if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             return NULL;
+     }
+ 
+Index: tiff-4.6.0/libtiff/tif_dirread.c
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tif_dirread.c
++++ tiff-4.6.0/libtiff/tif_dirread.c
+@@ -4260,11 +4260,9 @@ int TIFFReadDirectory(TIFF *tif)
+                                 dp->tdir_tag, dp->tdir_tag);
+                 /* the following knowingly leaks the
+                    anonymous field structure */
+-                if (!_TIFFMergeFields(
+-                        tif,
+-                        _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                             (TIFFDataType)dp->tdir_type),
+-                        1))
++				const TIFFField *fld = _TIFFCreateAnonField(
++                    tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++                if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+                 {
+                     TIFFWarningExtR(
+                         tif, module,
+@@ -5138,11 +5136,9 @@ int TIFFReadCustomDirectory(TIFF *tif, t
+                             "Unknown field with tag %" PRIu16 " (0x%" PRIx16
+                             ") encountered",
+                             dp->tdir_tag, dp->tdir_tag);
+-            if (!_TIFFMergeFields(
+-                    tif,
+-                    _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                         (TIFFDataType)dp->tdir_type),
+-                    1))
++			const TIFFField *fld = _TIFFCreateAnonField(
++                tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++            if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             {
+                 TIFFWarningExtR(tif, module,
+                                 "Registering anonymous field with tag %" PRIu16

tiff.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Aug 19 06:30:27 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- security update:
+  * CVE-2024-7006 [bsc#1228924]
+    Fix pointer deref in tif_dirinfo.c
+    + tiff-CVE-2024-7006.patch
+
 -------------------------------------------------------------------
 Fri Jan 26 09:59:33 UTC 2024 - Michael Vetter <mvetter@suse.com>
 

tiff.spec

@@ -32,6 +32,7 @@ Source3:        baselibs.conf
 Source99:       tiff.keyring
 Patch0:         tiff-4.0.3-seek.patch
 Patch1:         tiff-CVE-2023-52356.patch
+Patch2:         tiff-CVE-2024-7006.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjbig-devel
 BuildRequires:  libjpeg-devel